3v4l.org

run code in 200+ php & hhvm versions
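<?php

// Test document: declares an external entity "xxe" that points at a data:// URI.
$buffer = <<<XML
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "data://text/html,aaaa" >]><foo>&xxe;</foo>
XML;

// Make sure the external entity loader is not disabled (false = loader enabled).
libxml_disable_entity_loader(false);

// Default flags: the entity reference is not substituted.
$xml = simplexml_load_string($buffer);
var_dump($xml);

// $xml is interpolated inside the double quotes, so this prints "...SimpleXMLElement()".
echo "trying New SimpleXMLElement($xml)";
$xml = new SimpleXMLElement($buffer);
var_dump($xml);

// LIBXML_NOENT turns on entity substitution, so the external entity is loaded.
echo 'Enabling LIBXML_NOENT for test reasons';
$xml = simplexml_load_string($buffer, 'SimpleXMLElement', LIBXML_NOENT);
var_dump($xml);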
based on h7j67
Output for 5.6.0 - 5.6.30, 7.0.0 - 7.3.0rc3
object(SimpleXMLElement)#1 (1) {
  ["xxe"]=>
  object(SimpleXMLElement)#2 (1) {
    ["xxe"]=>
    object(SimpleXMLElement)#3 (0) {
    }
  }
}
trying New SimpleXMLElement()object(SimpleXMLElement)#2 (1) {
  ["xxe"]=>
  object(SimpleXMLElement)#1 (1) {
    ["xxe"]=>
    object(SimpleXMLElement)#3 (0) {
    }
  }
}
Enabling LIBXML_NOENT for test reasonsobject(SimpleXMLElement)#1 (1) {
  [0]=>
  string(4) "aaaa"
}
Output for hhvm-3.15.4
object(SimpleXMLElement)#1 (1) {
  ["xxe"]=>
  object(SimpleXMLElement)#2 (1) {
    ["xxe"]=>
    object(SimpleXMLElement)#3 (0) {
    }
  }
}
trying New SimpleXMLElement()object(SimpleXMLElement)#2 (1) {
  ["xxe"]=>
  object(SimpleXMLElement)#3 (1) {
    ["xxe"]=>
    object(SimpleXMLElement)#4 (0) {
    }
  }
}
Enabling LIBXML_NOENT for test reasonsobject(SimpleXMLElement)#3 (1) {
  [0]=>
  string(4) "aaaa"
}